Inseparability and Conservative Extensions of Description Logic Ontologies: A Survey

Inseparability and Conservative Extensions of

Description Logic Ontologies: A Survey

Elena Botoeva1, Boris Konev2, Carsten Lutz3, Vladislav Ryzhikov1, Frank Wolter2, and Michael Zakharyaschev4

1

Free University of Bozen-Bolzano, Italy {botoeva,ryzhikov}@inf.unibz.it

2

University of Liverpool, UK {konev,wolter}@liverpool.ac.uk

3

University of Bremen, Germany [email protected]

4

Birkbeck, University of London, UK [email protected]

Abstract. The question whether an ontology can safely be replaced by another, possibly simpler, one is fundamental for many ontology engi-neering and maintenance tasks. It underpins, for example, ontology ver-sioning, ontology modularization, forgetting, and knowledge exchange. What ‘safe replacement’ means depends on the intended application of the ontology. If, for example, it is used to query data, then the answers to any relevant ontology-mediated query should be the same over any relevant data set; if, in contrast, the ontology is used for conceptual reasoning, then the entailed subsumptions between concept expressions should coincide. This gives rise to different notions of ontology insep-arability such as query insepinsep-arability and concept insepinsep-arability, which generalize corresponding notions of conservative extensions. We survey results on various notions of inseparability in the context of descrip-tion logic ontologies, discussing their applicadescrip-tions, useful model-theoretic characterizations, algorithms for determining whether two ontologies are inseparable (and, sometimes, for computing the difference between them if they are not), and the computational complexity of this problem.

1

Introduction

Description logic (DL) ontologies provide a common vocabulary for a domain of interest together with a formal modeling of the semantics of the vocabulary items (concept names and role names). In modern information systems, they are employed to capture domain knowledge and to promote interoperability. On-tologies can become large and complex as witnessed, for example, by the widely used healthcare ontology Snomed CT, which contains more than 300,000 con-cept names, and the National Cancer Institute (NCI) Thesaurus ontology, which contains more than 100,000 concept names. Engineering, maintaining and de-ploying such ontologies is challenging and labour intensive; it crucially relies on

extensive tool support for tasks such as ontology versioning, ontology modular-ization, ontology summarmodular-ization, and forgetting parts of an ontology. At the core of many of these tasks lie notions of inseparability of two ontologies, indicating that inseparable ontologies can safely be replaced by each other for the task at hand. The aim of this article is to survey the current research on inseparabil-ity of DL ontologies. We present and discuss different types of inseparabilinseparabil-ity, their applications and interrelation, model-theoretic characterizations, as well as results on the decidability and computational complexity of inseparability.

The exact formalization of when an ontology ‘can safely be replaced by an-other one’ (that is, of inseparability) depends on the task for which the ontology is to be used. As we are generally going to abstract away from the syntactic presentation of an ontology, a natural first candidate for the notion of insepara-bility between two ontologies is their logical equivalence. However, this can be an unnecessarily strong requirement for most applications since also ontologies that are not logically equivalent can be replaced by each other without adverse effects. This is due to two main reasons. First, applications of ontologies often make use of only a fraction of the vocabulary items. As an example, consider Snomed CT, which contains a vocabulary for a multitude of domains related to health case, including clinical findings, symptoms, diagnoses, procedures, body structures, organisms, pharmaceuticals, and devices. In a concrete application such as storing electronic patient records, only a small part of this vocabulary is going to be used. Thus, two ontologies should be separable only if they differ with respect to the relevant vocabulary items. Consequently, all our inseparabil-ity notions will be parameterized by a signature (set of concept and role names) Σ; when we want to emphasize Σ, we speak of Σ-inseparability. Second, even for the relevant vocabulary items, many applications do not rely on all details of the semantics provided by the ontology. For example, if an ontology is employed for conjunctive query answering over data sets that use vocabulary items from the ontology, then only the existential positive aspects of the semantics are relevant since the queries are positive existential, too.

A fundamental decision to be taken when defining an inseparability notion is whether the definition should be model-theoretic or in terms of logical con-sequences. Under the first approach, two ontologies are inseparable when the reducts of their models to the signature Σ coincide. We call the resulting insep-arability notion model insepinsep-arability. Under the second approach, two ontologies are inseparable when they have the same logical consequences in the signa-ture Σ. This actually gives rise to potentially many notions of inseparability since we can vary the logical language in which the logical consequences are formulated. Choosing the same language as the one used for formulating the on-tologies results in what we call concept inseparability, which is appropriate when the ontologies are used for conceptual reasoning. Choosing a logical language that is based on database-style queries results in notions of query inseparability, which are appropriate for querying applications. Model inseparability implies all the resulting consequence-based notions of inseparability, but the converse does not hold for all standard DLs. The notion of query inseparability suggests some

additional aspects. In particular, this type of inseparability is important both for ontologies that contain data as an integral part (knowledge bases or KBs, in DL parlance) and for those that do not (TBoxes, in DL parlance) and are maintained independently of the data. In the latter case, two TBoxes should be regarded as inseparable if they give the same answers to any relevant query for any possible data. One might then even want to work with two signatures: one for the data and one for the query. It turns out that, for both KBs and TBoxes, one obtains notions of inseparability that behave very differently from concept inseparability.

Inseparability generalizes conservative extensions, as known from classical logic. In fact, conservative extensions can also be defined in a model-theoretic and in a consequence-based way, and they correspond to the special case of inseparability where one ontology is syntactically contained in the other and the signature is the set of vocabulary items in the smaller ontology. Note that none of these two additional assumptions is appropriate for many applications of inseparability, such as ontology versioning. Instead of directly working with inseparability, we will often consider corresponding notions of entailment which, intuitively, is inseparability ‘in one direction’; for example, two ontologies are concept Σ-inseparable if and only if they concept Σ-entail each other. Thus, one could say that an ontology concept (or model) entails another ontology if it is sound to replace the former by the latter in applications for which concept insep-arability is the ‘right’ insepinsep-arability notion. Algorithms and complexity upper bounds are most general when established for entailment instead of inseparabil-ity, as they carry over to inseparability and conservative extensions. Similarly, lower bounds for conservative extensions imply lower bounds for inseparability and for entailment.

In this survey, we provide an in-depth discussion of four inseparability rela-tions, as indicated above. For TBoxes, we look at Σ-concept inseparability (do two TBoxes entail the same concept inclusions over Σ?), Σ-model inseparability (do the Σ-reducts of the models of two TBoxes coincide?), and (Σ1, Σ2

)-Q-inseparability (do the answers given by two TBoxes coincide for all Σ1-ABoxes

and all Σ2-queries from the class Q of queries?). Here, we usually take Q to

be the class of conjunctive queries (CQs) and unions thereof (UCQs), but some smaller classes of queries are considered as well. For KBs, we consider Σ-Q-inseparability (do the answers to Σ-queries in Q given by two KBs coincide?). When discussing proof techniques in detail, we focus on the standard expressive DL ALC and tractable DLs from the E L and DL-Lite families. We shall, however, also mention results for extensions of ALC and other DLs such as Horn-ALC.

The structure of this survey is as follows. In Section 2, we introduce de-scription logics. In Section 3, we introduce an abstract notion of inseparability and discuss applications of inseparability in ontology versioning, refinement, re-use, modularity, the design of ontology mappings, knowledge base exchange, and forgetting. In Section 4, we discuss concept inseparability. We focus on the description logics E L and ALC and give model-theoretic characterizations of Σ-concept inseparability which are then used to devise automata-based approaches

Name Syntax Semantics top concept > ∆I bottom concept ⊥ ∅ negation ¬C ∆I\ CI conjunction C u D CI∩ DI disjunction C t D CI∪ DI

existential restriction ∃r.C {d ∈ ∆I_{| ∃e ∈ C}I

(d, e) ∈ rI} universal restriction ∀r.C {d ∈ ∆I_{| ∀e ∈ ∆}I

((d, e) ∈ rI→ e ∈ CI

)} Table 1. Syntax and semantics of ALC.

to deciding concept inseparability. We also present polynomial time algorithms for acyclic E L TBoxes. In Section 5, we discuss model inseparability. We show that it is undecidable even in simple cases, but that by restricting the signa-ture Σ to concept names, it often becomes decidable. We also consider model inseparability from the empty TBox, which is important for modularization and locality-based approximations of model inseparability. In Section 6, we discuss query inseparability between KBs. We develop model-theoretic criteria for query inseparability and use them to obtain algorithms for deciding query insepara-bility between KBs and their complexity. We consider description logics from the E L and DL-Lite families, as well as ALC and its Horn fragment. In Sec-tion 7, we consider query inseparability between TBoxes and analyse in how far the techniques developed for KBs can be generalized to TBoxes. We again con-sider a wide range of DLs. Finally, in Section 8 we discuss further inseparability relations, approximation algorithms and the computation of representatives of classes of inseparable TBoxes.

2

Description Logic

In description logic, knowledge is represented using concepts and roles that are inductively defined starting from a set NC of concept names and a set NR of

role names, and using a set of concept and role constructors [7]. Different sets of concept and role constructors give rise to different DLs.

We start by introducing the description logic ALC. The concept constructors available in ALC are shown in Table 1, where r is a role name and C and D are concepts. A concept built from these constructors is called an ALC-concept. ALC does not have any role constructors. An ALC TBox is a finite set of ALC concept inclusions (CIs) of the form C v D and ALC concept equivalences (CEs) of the form C ≡ D. (A CE C ≡ D can be regarded as an abbreviation for the two CIs C v D and D v C.) The size |T | of a TBox T is the number of occurrences of symbols in T .

DL semantics is given by interpretations I = (∆I, ·I) in which the domain ∆I is a non-empty set and the interpretation function ·I maps each concept

Name Syntax Semantics Identifier number restrictions (6 n r C) {d | #{e | (d, e) ∈ rI∧ e ∈ CI} ≤ n} Q

(> n r C) {d | #{e | (d, e) ∈ rI∧ e ∈ CI} ≥ n} inverse role r− {(d, e) | (e, d) ∈ rI_{} I}

universal role u ∆I× ∆I _·u

role inclusions (RIs) r v s rI⊆ sI _H

Table 2. Additional constructors: syntax and semantics.

name A ∈ NC to a subset AI of ∆I, and each role name r ∈ NR to a binary

relation rIon ∆I. The extension of ·Ito arbitrary concepts is defined inductively as shown in the third column of Table 1. We say that an interpretation I satisfies a CI C v D if CI⊆ DI_{, and that I is a model of a TBox T if it satisfies all the}

CIs in T . A TBox is consistent (or satisfiable) if it has a model. A concept C is satisfiable w.r.t. T if there exists a model I of T such that CI 6= ∅. A concept C is subsumed by a concept D w.r.t. T (T |= C v D, in symbols) if every model I of T satisfies the CI C v D. For TBoxes T1, T2, we write T1|= T2 and say that

T1 entails T2 if T1|= α for all α ∈ T2. TBoxes T1 and T2 are logically equivalent

if they have the same models. This is the case if and only if T1 entails T2 and

vice versa.

A signature Σ is a finite set of concept and role names. The signature sig(C) of a concept C is the set of concept and role names that occur in C, and likewise for TBoxes T , CIs C v D, assertions r(a, b) and A(a), ABoxes A, KBs K, UCQs q. Note that the universal role is not regarded as a role name, and so does not belong in any signature. Similarly, individual names are not in any signature and, in particular, not in the signature of an assertion, ABox, or KB. We are often interested in concepts, TBoxes, KBs, and ABoxes that are formulated using a specific signature. Therefore, we talk of a Σ-TBox T if sig(T ) ⊆ Σ, and likewise for Σ-concepts, etc.

There are several extensions of ALC relevant for this paper, which fall into three categories: extensions with (i ) additional concept constructors, (ii ) ad-ditional role constructors, and (iii ) adad-ditional types of statements in TBoxes. These extensions are detailed in Table 2, where #X denotes the size of a set X and double horizontal lines delineate different types of extensions. The last column gives an identifier for each extension, which is simply appended to the name ALC for constructing extensions of ALC. For example, ALC extended with number restrictions, inverse roles, and the universal role is denoted by ALCQIu. We next define a number of syntactic fragments of ALC and its extensions, which often have dramatically lower computational complexity. The fragment of ALC obtained by disallowing the constructors ⊥, ¬, t and ∀ is known as EL. Thus, E L concepts are constructed using >, u and ∃ only [6]. We also consider extensions of E L with the constructors in Table 2. For example, E LIu denotes the extension of E L with inverse roles and the universal role. The fragments of

ALCI and ALCHI, in which CIs are of the form

B1v B2 and B1u B2v ⊥,

and the Bi are concept names, >, ⊥ or ∃r.>, are denoted by DL-Litecore and

DL-LiteH_core(or DL-LiteR), respectively [19, 4].

Example 1. The CI ∀childOf−.Tall v Tall (saying that everyone with only tall parents is also tall) is in ALCI but not in ALC, E L or DL-LiteH_core. The RI childOf−v parentOf is in both ALCHI and DL-LiteH_core.

EL and the DL-Lite logics introduced above are examples of Horn DLs, that is, fragments of DLs in the ALC family that restrict the syntax in such a way that conjunctive query answering (see below) becomes tractable in data complexity. A few additional Horn DLs have become important in recent years. Following [46, 49], we say that a concept C occurs positively in C itself and, if C occurs positively (negatively) in C0, then

– C occurs positively (respectively, negatively) in C0t D, C0_{u D, ∃r.C}0_{, ∀r.C}0_,

D v C0, and

– C occurs negatively (respectively, positively) in ¬C0 and C0v D.

Now, we call a TBox T Horn if no concept of the form C t D occurs positively in T , and no concept of the form ¬C or ∀R.C occurs negatively in T . For any DL L from the ALC family introduced above (e.g., ALCHI), the DL Horn-L only allows for Horn TBoxes in L. Note that ∀childOf−.Tall occurs negatively in the CI α from Example 1, and so the TBox T = {α} is not Horn.

TBoxes T used in practice often turn out to be acyclic in the following sense: – all CEs in T are of the form A ≡ C (concept definitions) and all CIs in T

are of the form A v C (primitive concept inclusions), where A is a concept name;

– no concept name occurs more than once on the left-hand side of a statement in T ;

– T contains no cyclic definitions, as detailed below.

Let T be a TBox that contains only concept definitions and primitive concept inclusions. The relation ≺T ⊆ NC× sig(T ) is defined by setting A ≺T X if there

exists a TBox statement A ./ C such that X occurs in C, where ./ ranges over {v, ≡}. A concept name A depends on a symbol X ∈ NC∪ NRif A ≺+T X, where

·+_{denotes transitive closure. We use depend}

T(A) to denote the set of all symbols

X such that A depends on X. We can now make precise what it means for T to contain no cyclic definitions: A 6∈ depend_T(A), for all A ∈ NC. Note that the

TBox T = {α} with α from Example 1 is cyclic.

In DL, data is represented in the form of ABoxes. To introduce ABoxes, we fix a set NI of individual names, which correspond to constants in first-order

logic. An assertion is an expression of the form A(a) or r(a, b), where A is a concept name, r a role name, and a, b individual names. An ABox A is just a

finite set of assertions. We call the pair K = (T , A) of a TBox T in a DL L and an ABox A an L knowledge base (KB, for short). By ind(A) and ind(K), we denote the set of individual names in A and K, respectively.

To interpret ABoxes A, we consider interpretations I that map all individual names a ∈ ind(A) to elements aI∈ ∆I_{in such a way that a}I _{6= b}I_{if a 6= b (thus,}

we adopt the unique name assumption). We say that I satisfies an assertion A(a) if aI∈ CI_{, and r(a, b) if (a}I_{, b}I_{) ∈ r}I_{. It is a model of an ABox A if it satisfies}

all assertions in A, and of a KB K = (T , A) if it is a model of both T and A. We say that K is consistent (or satisfiable) if it has a model. We use the terminology introduced for TBoxes for KBs as well. For example, KBs K1and K2are logically

equivalent if they have the same models (or, equivalently, entail each other). We next introduce query answering for KBs, beginning with conjunctive queries [39, 18, 20]. An atom is of the form A(x) or r(x, y), where x, y are from a set of variables NV, A is a concept name, and r a role name. A conjunctive

query (or CQ) is an expression of the form q(x) = ∃y ϕ(x, y), where x and y are disjoint sequences of variables and ϕ is a conjunction of atoms that only contain variables from x ∪ y—we (ab)use set-theoretic notation for sequences where convenient. We often write A(x) ∈ q and r(x, y) ∈ q to indicate that A(x) and r(x, y) are conjuncts of ϕ. We call a CQ q rooted (rCQ) if every y ∈ y is connected to some x ∈ x by a path in the undirected graph whose nodes are the variables in q and edges are the pairs {u, v} with r(u, v) ∈ q, for some r. A union of CQs (UCQ) is a disjunction q(x) = W

iqi(x) of CQs qi(x) with

the same answer variables x; it is rooted (rUCQ) if all the q_i are rooted. If the sequence x is empty, q(x) is called a Boolean CQ or UCQ.

Given a UCQ q(x) =W

iqi(x) and a KB K, a sequence a of individual names

from K of the same length as x is called a certain answer to q(x) over K if, for every model I of K, there exist a CQ qi in q and a map (homomorphism) h of

its variables to ∆I such that

– if x is the j-th element of x and a the j-th element of a, then h(x) = aI; – A(z) ∈ q implies h(z) ∈ AI, and r(z, z0) ∈ q implies (h(z), h(z0)) ∈ rI. If this is the case, we write K |= q(a). For a Boolean UCQ q, we also say that the certain answer over K is ‘yes’ if K |= q and ‘no’ otherwise. CQ or UCQ answering means to decide, given a CQ or UCQ q(x), a KB K and a tuple a from ind(K), whether K |= q(a).

3

Inseparability

Since there is no single inseparability relation between ontologies that is ap-propriate for all applications, we start by identifying basic properties that any semantic notion of inseparability between TBoxes or KBs should satisfy. We also introduce notation that will be used throughout the survey and discuss a few applications of inseparability.

For uniformity, we assume that the term ‘ontology’ refers to both TBoxes and KBs.

Definition 1 (inseparability). Let S be the set of ontologies (either TBoxes or KBs) formulated in a description logic L. A map that assigns to each signature Σ an equivalence relation ≡Σon S is an inseparability relation on S if the following

conditions hold:

(i ) if O1 and O2 are logically equivalent, then O1≡Σ O2, for all signatures Σ

and O1, O2∈ S;

(ii ) Σ1⊆ Σ2 implies ≡Σ1 ⊇ ≡Σ2, for all finite signatures Σ1and Σ2.

By condition (i ), an inseparability relations does not depend on the syntactic presentation of an ontology, but only on its semantics. Condition (ii ) formalizes the requirement that if the set of relevant symbols increases (Σ2 ⊇ Σ1), then

more ontologies become separable. Depending on the intended application, ad-ditional properties may also be required. For example, we refer the reader to [55] for a detailed discussion of robustness properties that are relevant for appli-cations to modularity. We illustrate inseparability relations by three very basic examples.

Example 2. (1) Let S be the set of ontologies formulated in a description logic L, and let O1 ≡equiv O2 if and only if O1 and O2 are logically equivalent, for

any O1, O2∈ S. Then ≡equiv is an inseparability relation that does not depend

on the concrete signature. It is the finest inseparability relation possible. The inseparability relations considered in this survey are more coarse.

(2) Let S be the set of KBs in a description logic L, and let K1≡satK2if and

only if K1 and K2 are equisatisfiable, for any K1, K2 ∈ S. Then ≡sat is another

inseparability relation that does not depend on the concrete signature. It has two equivalence classes—the satisfiable KBs and the unsatisfiable KBs—and is not sufficiently fine-grained for most applications.

(3) Let S be the set of TBoxes in a description logic L, and let T1≡hierarchyΣ T2

if and only if

T1|= A v B ⇐⇒ T2|= A v B, for all concept names A, B ∈ Σ.

Then each relation ≡hierarchy_Σ is an inseparability relation. It distinguishes between two TBoxes if and only if they do not entail the same subsumption hierarchy over the concept names in Σ, and it is appropriate for applications that are only concerned with subsumption hierarchies such as producing a systematic catalog of vocabulary items, which is in fact the prime use of Snomed CT5_.

As discussed in the introduction, the inseparability relations considered in this paper are more sophisticated than those in Example 2. Details are given in the subsequent sections. We remark that some versions of query inseparability that we are going to consider are, strictly speaking, not covered by Definition 1 since two signatures are involved (one for the query and one for the data). However, it is easy to extend Definition 1 accordingly.

We now present some important applications of inseparability.

5

Versioning. Maintaining and updating ontologies is very difficult without tools that support versioning. One can distinguish three approaches to versioning [53]: versioning based on syntactic difference (syntactic diff), versioning based on structural difference (structural diff), and versioning based on logical difference (logical diff). The syntactic diff underlies most existing version control systems used in software development [24] such as RCS, CVS, SCCS. It works with text files and represents the difference between versions as blocks of text present in one version but not in the other. As observed in [82], ontology versioning cannot rely on a purely syntactic diff operation since many syntactic differences (e.g., the order of ontology axioms) do not affect the semantics. The structural diff extends the syntactic diff by taking into account information about the structure of ontologies. Its main characteristic is that it regards ontologies as structured objects, such as an is-a taxonomy [82], a set of RDF triples [51] or a set of class defining axioms [87, 47]. Though helpful, the structural diff still has no unambiguous semantic foundation and is syntax dependent. Moreover, it is tailored towards applications of ontologies that are based on the induced concept hierarchy (or some mild extension thereof), but does not capture other applications such as querying data under ontologies. In contrast, the logical diff [58, 60] completely abstracts away from the presentation of the ontology and regards two versions of an ontology as identical if they are inseparable with respect to an appropriate inseparability relation such as concept inseparability or query inseparability. The result of the logical diff is then presented in terms of witnesses for separability.

Ontology refinement. When extending an ontology with new concept inclu-sions or other statements, one usually wants to preserve the semantics of a large part Σ of its vocabulary. For example, when extending Snomed CT with 50 additional concept names on top of the more than 300K existing ones, one wants to ensure that the meaning of unrelated parts of the vocabulary does not change. This preservation problem is formalized by demanding that the original ontol-ogy Ooriginal and the extended ontology Ooriginal∪ Oadd are Σ-inseparable (for

an appropriate notion of inseparability) [36]. It should be noted that ontology refinement can be regarded as a versioning problem as discussed above, where Ooriginaland Ooriginal∪ Oaddare versions of an ontology that have to be compared.

Ontology reuse. A frequent operation in ontology engineering is to import an existing ontology Oim into an ontology Ohost that is currently being developed,

with the aim of reusing the vocabulary of Oim. Consider, for example, a host

ontology Ohostdescribing research projects that imports an ontology Oim, which

defines medical terms Σ to be used in the definition of research projects in Ohost.

Then one typically wants to use the medical terms Σ exactly as defined in Oim.

However, using those terms to define concepts in Ohost might have unexpected

consequences also for the terms in Oim, that is, it might ‘damage’ the modeling

of those terms. To avoid this, one wants to ensure that Ohost∪ Oim and Oim are

Σ-inseparable [25]. Again, this can be regarded as a versioning problem for the ontology Oim.

Modularity. Modular ontologies and the extraction of modules are an impor-tant ontology engineering challenge [97, 64]. Understanding Σ-inseparability of ontologies is crucial for most approaches to this problem. For example, a very natural and popular definition of a module M of an ontology O demands that M ⊆ O and that M is Σ-inseparable from O for the signature Σ of M (called self-contained module). Under this definition, the ontology O can be safely re-placed by the module M in the sense specified by the inseparability relation and as far as the signature Σ of M is concerned. A stronger notion of module (called depleting module [61]) demands that M ⊆ O and that O \ M is Σ-inseparable from the empty ontology for the signature Σ of M. The intuition is that the on-tology statements outside of M should not say anything non-tautological about signature items in the module M.

Ontology mappings. The construction of mappings (or alignments) between ontologies is an important challenge in ontology engineering and integration [95]. Given two ontologies O1and O2in different signatures Σ1and Σ2, the problem

is to align the vocabulary items in Σ1 with those in Σ2 using a TBox T12 that

states logical relationships between Σ1 and Σ2. For example, T12 could consist

of statements of the form A1 ≡ A2 or A1 v A2, where A1 is a concept name

in Σ1 and A2 is a concept name in Σ2. When constructing such mappings,

we typically do not want one ontology to interfere with the semantics of the other ontology via the mapping [96, 50, 48]. This condition can (and has been) formalized using inseparability. In fact, the non-interference requirement can be given by the condition that Oiand O1∪ O2∪ T12are Σiinseparable, for i = 1, 2.

Knowledge base exchange. This application is a natural extension of data exchange [29], where the task is to transform a data instance D1structured under

a source schema Σ1 into a data instance D2 structured under a target schema

Σ2 given a mapping M12 relating Σ1 and Σ2. In knowledge base exchange [2],

we are interested in translating a KB K1in a source signature Σ1to a KB K2in

a target signature Σ2according to a mapping given by a TBox T12that consists

of CIs and RIs in Σ1∪ Σ2 defining concept and role names in Σ2 in terms of

concepts and roles in Σ1. A good solution to this problem can be viewed as a KB

K2that it is inseparable from K1∪T12with respect to a suitable Σ2-inseparability

relation.

Forgetting and uniform interpolation. When adapting an ontology to a new application, it is often useful to eliminate those symbols in its signature that are not relevant for the new application while retaining the semantics of the remaining ones. Another reason for eliminating symbols is predicate hiding, i.e., an ontology is to be published, but some part of it should be concealed from the public because it is confidential [26]. Moreover, one can view the elimination of symbols as an approach to ontology summary: the smaller and more focussed ontology summarizes what the original ontology says about the remaining sig-nature items. The idea of eliminating symbols from a theory has been studied in AI under the name of forgetting a signature Σ [88]. In mathematical logic and modal logic, forgetting has been investigated under the dual notion of uniform interpolation [84, 27, 102, 38, 33, 98]. Under both names, the problem has been

studied extensively in DL research [59, 105, 72, 104, 62, 79, 63]. Using inseparabil-ity, we can formulate the condition that the result Oforgetof eliminating Σ from

O should not change the semantics of the remaining symbols by demanding that O and Oforget are sig(O) \ Σ-inseparable for the signature sig(O) of O.

4

Concept Inseparability

We consider inseparability relations that distinguish TBoxes if and only if they do not entail the same concept inclusions in a selected signature.6 The result-ing concept inseparability relations are appropriate for applications that focus on TBox reasoning. We start by defining concept inseparability and the related notions of concept entailment and concept conservative extensions. We give il-lustrating examples and discuss the relationship between the three notions and their connection to logical equivalence. We then take a detailed look at concept inseparability in ALC and in E L. In both cases, we first establish a model-theoretic characterization and then show how this characterization can be used to decide concept entailment with the help of automata-theoretic techniques. We also briefly discuss extensions of ALC and the special case of E L with acyclic TBoxes.

Definition 2 (concept inseparability, entailment and conservative ex-tension). Let T1 and T2 be TBoxes formulated in some DL L, and let Σ be a

signature. Then

– the Σ-concept difference between T1 and T2 is the set cDiffΣ(T1, T2) of all

Σ-concept inclusions (and role inclusions, if admitted by L) α that are for-mulated in L and satisfy T2|= α and T16|= α;

– T1Σ-concept entails T2 if cDiffΣ(T1, T2) = ∅;

– T1 and T2 are Σ-concept inseparable if T1 Σ-concept entails T2 and vice

versa;

– T2 is a concept conservative extension of T1 if T2 ⊇ T1 and T1 and T2 are

sig(T1)-inseparable.

We illustrate this definition by a number of examples.

Example 3 (concept entailment vs. logical entailment). If Σ ⊇ sig(T1∪ T2), then

Σ-concept entailment is equivalent to logical entailment, that is, T1 Σ-concept

entails T2iff T1|= T2. We recommend the reader to verify that this is a

straight-forward consequence of the definitions (it is crucial to observe that, because of our assumption on Σ, the concept inclusions in T2qualify as potential members

of cDiffΣ(T1, T2)).

Example 4 (definitorial extension). An important way to extend an ontology is to introduce definitions of new concept names. Let T1be a TBox, say formulated

in ALC, and let T2 = {A ≡ C} ∪ T1, where A is a fresh concept name. Then

6

T2 is called a definitorial extension of T1. Clearly, unless T1 is inconsistent, we

have T1 6|= T2. However, T2 is a concept-conservative extension of T1. For the

proof, assume that T16|= α and sig(α) ⊆ sig(T1). We show that T26|= α. There is

a model I1 of T1 such that I 6|= α. Modify I by setting AI = CI. Then, since

A 6∈ sig(T1), the new I is still a model of T1and we still have I 6|= α. Moreover,

I satisfies A ≡ C, and thus is a model of T2. Consequently, T26|= α.

The notion of concept inseparability depends on the DL in which the sep-arating concept inclusions can be formulated. Note that, in Definition 12, we assume that this DL is the one in which the original TBoxes are formulated. Throughout this paper, we will thus make sure that the DL we work with is always clear from the context. We illustrate the difference that the choice of the ‘separating DL’ can make by two examples.

Example 5. Consider the ALC TBoxes

T1= {A v ∃r.>} and T2= {A v ∃r.B u ∃r.¬B}

and the signature Σ = {A, r}. If we view T1 and T2 as ALCQ TBoxes and

consequently allow concept inclusions formulated in ALCQ to separate them, then A v (≥ 2r.>) ∈ cDiffΣ(T1, T2), and so T1 and T2 are Σ-concept separable.

However, T1and T2are Σ-concept inseparable when we only allow separation in

terms of ALC-concept inclusions. Intuitively, this is the case because, in ALC, one cannot count the number of r-successors of an individual. We will later introduce the model-theoretic machinery required to prove such statements in a formal way.

Example 6. Consider the E L TBoxes

T1= {Human v ∃eats.>, Plant v ∃grows in.Area, Vegetarian v Healthy},

T2= T1∪ {Human v ∃eats.Food, Food u Plant v Vegetarian}.

It can be verified that

Human u ∀eats.Plant v ∃eats.Vegetarian

is entailed by T2but not by T1. If we view T1 and T2 as ALC TBoxes, then T2is

thus not a concept conservative extension of T1. However, we will show later that

if we view T1and T2 as E L TBoxes, then T2 is a concept conservative extension

of T1 (i.e., T1 and T2are sig(T1)-inseparable in terms of E L-concept inclusions).

As remarked in the introduction, conservative extensions are a special case of both inseparability and entailment. The former is by definition and the latter since T2 is a concept conservative extension of T1⊆ T2 iff T1 sig(T1)-entails T2.

Before turning our attention to specific DLs, we discuss a bit more the relation-ship between entailment and inseparability. On the one hand, inseparability is defined in terms of entailment and thus inseparability can be decided by two entailment checks. One might wonder about the converse direction, i.e., whether entailment can be reduced in some natural way to inseparability. This question is related to the following robustness condition.

Definition 3 (robustness under joins). A DL L is robust under joins for concept inseparability if, for all L TBoxes T1 and T2 and signatures Σ with

sig(T1) ∩ sig(T2) ⊆ Σ, the following are equivalent:

(i ) T1 Σ-concept entails T2in L;

(ii ) T1 and T1∪ T2 are Σ-concept inseparable in L.

Observe that the implication (ii ) ⇒ (i ) is trivial. The converse holds for many DLs such as ALC, ALCI and E L; see [55] for details. However, there are also standard DLs such as ALCH for which robustness under joins fails. Theorem 1. If a DL L is robust under joins for concept inseparability, then concept entailment in L can be polynomially reduced to concept inseparability in L.

Proof. Assume that we want to decide whether T1 Σ-concept entails T2. By

replacing every non-Σ-symbol X shared by T1and T2with a fresh symbol X1in

T1and a distinct fresh symbol X2in T2, we can achieve that Σ ⊇ sig(T1)∩sig(T2)

without changing (non-)Σ-concept entailment of T2 by T1. We then have, by

robustness under joins, that T1 Σ-concept entails T2 iff T1 and T1∪ T2 are

Σ-concept inseparable. ut

For DLs L that are not robust under joins for concept inseparability (such as ALCH) it has not yet been investigated whether there exist natural polynomial reductions of concept entailment to concept inseparability.

4.1 Concept inseparability for ALC

We first give a model-theoretic characterization of concept entailment in ALC in terms of bisimulations and then show how this characterization can be used to obtain an algorithm for deciding concept entailment based on automata-theoretic techniques. We also discuss the complexity, which is 2ExpTime-complete, and the size of minimal counterexamples that witness inseparability.

Bisimulations are a central tool for studying the expressive power of ALC and of modal logics; see for example [41, 68]. By a pointed interpretation we mean a pair (I, d), where I is an interpretation and d ∈ ∆I.

Definition 4 (Σ-bisimulation). Let Σ be a finite signature and (I1, d1) and

(I2, d2) pointed interpretations. A relation S ⊆ ∆I1 × ∆I2 is a Σ-bisimulation

between (I1, d1) and (I2, d2) if (d1, d2) ∈ S and, for all (d, d0) ∈ S, the following

conditions are satisfied:

(base) d ∈ AI1 _{iff d}0_{∈ A}I2_{, for all A ∈ Σ ∩ N}

C;

(zig) if (d, e) ∈ rI1_{, then there exists e}0 _{∈ ∆}I2 _{such that (d}0_{, e}0_{) ∈ r}I2 _and

(e, e0) ∈ S, for all r ∈ Σ ∩ NR;

(zag) if (d0, e0) ∈ rI2_{, then there exists e ∈ ∆}I1 _{such that (d, e) ∈ r}I1 _and

We say that (I1, d1) and (I2, d2) are Σ-bisimilar and write (I1, d1) ∼bisimΣ (I2, d2)

if there exists a Σ-bisimulation between them.

We now recall the main connection between bisimulations and ALC. Say that (I1, d1) and (I2, d2) are ALCΣ-equivalent, in symbols (I1, d1) ≡ALCΣ (I2, d2), in

case d1∈ CI1 iff d2 ∈ CI2 for all Σ-concepts C in ALC. An interpretation I is

of finite outdegree if the set {d0| (d, d0_{) ∈}S

r∈NRr

I_{} is finite, for any d ∈ ∆}I_.

Theorem 2. Let (I1, d1) and (I2, d2) be pointed interpretations and Σ a

signa-ture. Then (I1, d1) ∼bisimΣ (I2, d2) implies (I1, d1) ≡ALCΣ (I2, d2). The converse

holds if I1 and I2 are of finite outdegree.

Example 7. The following classical example shows that without the condition of finite outdegree, the converse direction does not hold.

I1 d1 d2 I2

Here, (I1, d1) is a pointed interpretation with an r-chain of length n starting

from d1, for each n ≥ 1. (I2, d2) coincides with (I1, d1) except that it also

contains an infinite r-chain starting from d2. Let Σ = {r}. It can be proved that

(I1, d1) ≡ALCΣ (I2, d2). However, (I1, d1) 6∼bisimΣ (I2, d2) due to the infinite chain

in (I2, d2).

As a first application of Theorem 2, we note that ALC cannot distinguish between an interpretation and its unraveling into a tree. An interpretation I is called a tree interpretation if rI∩ sI _{= ∅ for any r 6= s and the directed graph}

(∆I,S

r∈NRr

I_{) is a (possibly infinite) tree. The root of I is denoted by ρ}I_{. By the}

unraveling technique [41], one can show that every pointed interpretation (I, d) is Σ-bisimilar to a pointed tree interpretation (I∗, ρI∗), for any signature Σ. Indeed, suppose (I, d) is given. The domain ∆I∗ of I∗ is the set of words w = d0r0d1· · · rndn such that d0 = d and (di, di+1) ∈ riI for all i < n and roles

names ri. We set tail(d0r0d1· · · rndn) = dn and define the interpretation AI

∗

and rI∗ of concept names A and role names r by setting: – w ∈ AI∗ if tail(w) ∈ AI∗;

– (w, w0) ∈ rI∗ if w0= wrd0.

Lemma 1. The relation S = {(w, tail(w)) | w ∈ ∆I∗} is a Σ-bisimulation between (I∗, ρI∗) and (I, d), for any signature Σ.

We now characterize concept entailment (and thus also concept inseparability and concept conservative extensions) in ALC using bisimulations, following [72]. Theorem 3. Let T1 and T2 be ALC TBoxes and Σ a signature. Then T1

Σ-concept entails T2 iff, for any model I1 of T1 and any d1 ∈ ∆I1, there exist a

model I2 of T2 and d2∈ ∆I2 such that (I1, d1) ∼bisimΣ (I2, d2).

For I1 of finite outdegree, one can prove this result directly by employing

compactness arguments and Theorem 2. For the general case, we refer to [72]. We illustrate Theorem 3 by sketching a proof of the statement from Example 5 (in a slightly more general form).

Example 8. Consider the ALC TBoxes

T1= {A v ∃r.>} ∪ T and T2= {A v ∃r.B u ∃r.¬B} ∪ T ,

where T is an ALC TBox and B 6∈ Σ = {A, r} ∪ sig(T ). We use Theorem 3 and Lemma 1 to show that T1 Σ-concept entails T2. Suppose I is a model of

T1 and d ∈ ∆I. Using tree unraveling, we construct a tree model I∗ of T1

with (I, d) ∼bisim

Σ (I∗, ρI

∗

). As bisimilations and ALC TBoxes are oblivious to duplication of successors, we find a tree model J of T1 such that e ∈ AJ

implies #{d | (e, d) ∈ rJ} ≥ 2 for all e ∈ ∆J _{and (I}∗_{, ρ}I∗

) ∼bisim Σ (J , ρ

J_{). By}

reinterpreting B 6∈ Σ, we can find J0 that coincides with J except that now we ensure that e ∈ AJ implies e ∈ (∃r.B u ∃r.¬B)J0 for all e ∈ ∆J. But then J0 is a model of T2 and (I, d) ∼bisimΣ (J0, ρJ), as required.

Below, we illustrate possible interpretations I∗, J and J0 satisfying the above conditions, for a given interpretation I.

I d A s, r I∗ ρI∗ A s r J ρJ A s r r J0 ρJ A B s r r

Theorem 3 is a useful starting point for constructing decision procedures for concept entailment in ALC and related problems. This can be done from first principles as in [36, 70]. Here we present an approach that uses tree automata. We use amorphous alternating parity tree automata [106], which actually run on unrestricted interpretations rather than on trees. They still belong to the family of tree automata as they are in the tradition of more classical forms of such automata and cannot distinguish between an interpretation and its unraveling into a tree (which indicates a connection to bisimulations).

Definition 5 (APTA). An (amorphous) alternating parity tree automaton (or APTA for short) is a tuple A = (Q, ΣN, ΣE, q0, δ, Ω), where Q is a finite set of

states, ΣN ⊆ NC is the finite node alphabet, ΣE⊆ NRis the finite edge alphabet,

q0 ∈ Q is the initial state, δ : Q → mov(A) is the transition function with

mov(A) = {true, false, A, ¬A, q, q∧q0, q∨q0, hriq, [r]q | A ∈ ΣN, q, q0 ∈ Q, r ∈ ΣE}

Intuitively, the move q means that the automaton sends a copy of itself in state q to the element of the interpretation that it is currently processing, hriq means that a copy in state q is sent to an r-successor of the current element, and [r]q means that a copy in state q is sent to every r-successor.

It will be convenient to use unrestricted modal logic formulas in negation nor-mal form when specifying the transition function of APTAs. The more restricted form required by Definition 5 can then be attained by introducing intermediate states. We next introduce the semantics of APTAs.

In what follows, a Σ-labelled tree is a pair (T, `) with T a tree and ` : T → Σ a node labelling function. A path π in a tree T is a subset of T such that ε ∈ π and for each x ∈ π that is not a leaf in T , π contains one child of x.

Definition 6 (run). Let (I, d0) be a pointed ΣN ∪ ΣE-interpretation and let

A= (Q, ΣN, ΣE, q0, δ, Ω) be an APTA. A run of A on (I, d0) is a Q×∆I-labelled

tree (T, `) such that `(ε) = (q0, d0) and for every x ∈ T with `(x) = (q, d):

– δ(q) 6= false;

– if δ(q) = A (δ(q) = ¬A), then d ∈ AI (d /∈ AI_);

– if δ(q) = q0∧ q00_{, then there are children y, y}0 _{of x with `(y) = (q}0_{, d) and}

`(y0_{) = (q}00_{, d);}

– if δ(q) = q0∨ q00_{, then there is a child y of x such that `(y) = (q}0_{, d) or}

`(y0) = (q00, d);

– if δ(q) = hriq0, then there is a (d, d0) ∈ rI and a child y of x such that `(y) = (q0, d0);

– if δ(q) = [r]q0and (d, d0) ∈ rI, then there is a child y of x with `(y) = (q0, d0). A run (T, `) is accepting if, for every path π of T , the maximal i ∈ N with {x ∈ π | `(x) = (q, d) with Ω(q) = i} infinite is even. We use L(A) to denote the language accepted by A, i.e., the set of pointed ΣN ∪ ΣE-interpretations (I, d)

such that there is an accepting run of A on (I, d).

APTAs can easily be complemented in polynomial time in the same way as other alternating tree automata, and for all APTAs A1and A2, one can construct

in polynomial time an APTA that accepts L(A1)∩L(A2). The emptiness problem

for APTAs is ExpTime-complete [106].

We now describe how APTAs can be used to decide concept entailment in ALC. Let T1 and T2 be ALC TBoxes and Σ a signature. By Theorem 3, T1does

not Σ-concept entail T2 iff there is a model I1 of T1 and a d1∈ ∆I1 such that

(I1, d1) 6∼bisimΣ (I2, d2) for all models I2 of T2 and d2 ∈ ∆I2. We first observe

that this still holds when we restrict ourselves to rooted interpretations, that is, to pointed interpretations (Ii, di) such that every e ∈ ∆Ii is reachable from

di by some sequence of role names. In fact, whenever (I1, d1) 6∼bisimΣ (I2, d2),

then also (Ir

1, d1) 6∼bisimΣ (I r

2, d2) where Iir is the restriction of Iito the elements

reachable from di. Moreover, if I1and I2 are models of T1 and T2, respectively,

then the same is true for Ir

1 and I2r. Rootedness is important because APTAs can

obviously not speak about unreachable parts of a pointed interpretation. We now construct two APTAs A1and A2such that for all rooted sig(T1)-interpretations

1. (I, d) ∈ L(A1) iff I |= T1;

2. (I, d) ∈ L(A2) iff there exist a model J of T2 and an e ∈ ∆J such that

(I, d) ∼bisim_Σ (J , e).

Defining A as A1∩ A2, we then have L(A) = ∅ iff T1 Σ-concept entails T2. It is

easy to construct the automaton A1. We only illustrate the idea by an example.

Assume that T1 = {A v ¬∀r.B}. We first rewrite T1 into the equivalent TBox

{> v ¬A t ∃r.¬B} and then use an APTA with only state q0 and

δ(q0) =

^

s∈NR

[s]q0∧ (¬A ∨ hri¬B).

The acceptance condition is trivial, that is, Ω(q0) = 0. The construction of

A2 is more interesting. We require the notion of a type, which occurs in many

constructions for ALC. Let cl(T2) denote the set of concepts used in T2, closed

under subconcepts and single negation. A type t is a set t ⊆ cl(T2) such that,

for some model I of T2 and some d ∈ ∆I, we have t = {C ∈ cl(T2) | d ∈ CI}.

Let TP(T2) denote the set of all types for T2. For t, t0∈ TP(T2) and a role name

r, we write t rt0 if (i) ∀r.C ∈ t implies C ∈ t0 and (ii) C ∈ t0 implies ∃r.C ∈ t

whenever ∃r.C ∈ cl(T ). Now we define A2 to have state set Q = TP(T2) ] {q0}

and the following transitions: δ(q0) = _ TP(T2), δ(t) = ^ A∈t∩NC∩Σ A ∧ ^ A∈(NC∩Σ)\t ¬A ∧ ^ r∈Σ∩NR [r]_{t0∈ TP(T2) | t rt0} ∧ ^ ∃r.C∈t,r∈Σ hri_{t0∈ TP(T2) | t rt0, C ∈ t0}.

Here, the empty conjunction represents true and the empty disjunction represents false. The acceptance condition is again trivial, but note that this might change with complementation. The idea is that A2 (partially) guesses a model J that

is Σ-bisimilar to the input interpretation I, represented as types. Note that A2

verifies only the Σ-part of J on I, and that it might label the same element with different types (which can then only differ in their non-Σ-parts). A detailed proof that the above automaton works as expected is provided in [72]. In summary, we obtain the upper bound in the following theorem.

Theorem 4. In ALC, concept entailment, concept inseparability, and concept conservative extensions are 2 ExpTime-complete.

The sketched APTA-based decision procedure actually yields an upper bound that is slightly stronger than what is stated in Theorem 4: the algorithm for concept entailment (and concept conservative extensions) actually runs in time 2p(|T1|·2|T2|) _{for some polynomial p() and is thus only single exponential in |T}

For simplicity, in the remainder of the paper we will typically not explicitly report on such fine-grained upper bounds that distinguish between different inputs.

The lower bound stated in Theorem 4 is proved (for concept conservative extensions) in [36] using a rather intricate reduction of the word problem of exponentially space bounded alternating Turing machines (ATMs). An interest-ing issue that is closely related to computational hardness is to analyze the size of the smallest concept inclusions that witness non-Σ-concept entailment of a TBox T2 by a TBox T1, that is, of the members of cDiffΣ(T1, T2). It is shown in

[36] for the case of concept conservative extensions in ALC (and thus also for concept entailment) that smallest witness inclusions can be triple exponential in size, but not larger. An example that shows why witness inclusions can get large is given in Section 4.3.

4.2 Concept inseparability for extensions of ALC

We briefly discuss results on concept inseparability for extensions of ALC and give pointers to the literature.

In principle, the machinery and results that we have presented for ALC can be adapted to many extensions of ALC, for example, with number restrictions, inverse roles, and role inclusions. To achieve this, the notion of bisimulation has to be adapted to match the expressive power of the considered DL and the automata construction has to be modified. In particular, amorphous automata as used above are tightly linked to the expressive power of ALC and have to be replaced by traditional alternating tree automata (running on trees with fixed outdegree) which requires a slightly more technical automaton construction.

As an illustration, we only give some brief examples. To obtain an analogue of Theorem 2 for ALCI, one needs to extend bisimulations that additionally respect successors reachable by an inverse role; to obtain such a result for ALCQ, we need bisimilations that respect the number of successors [41, 68, 57]. Corresponding versions of Theorem 3 can then be proved using techniques from [68, 57]. Example 9. Consider the ALCQ TBoxes

T1= {A v ≥ 2 r.>} ∪ T and T2= {A v ∃r.B u ∃r.¬B} ∪ T ,

where T is an ALCQ TBox that does not use the concept name B. Suppose Σ = {A, r} ∪ sig(T ). Then T1 and T2 are Σ-concept inseparable in ALCQ.

Formally, this can be shown using the characterizations from [57].

The above approach has not been fully developed in the literature. However, using more elementary methods, the following complexity result has been estab-lished in [70].

Theorem 5. In ALCQI, concept entailment, concept inseparability, and con-cept conservative extensions are 2 ExpTime-complete.

It is also shown in [70] that, in ALCQI, smallest counterexamples are still triple exponential, and that further adding nominals to ALCQI results in un-decidability.

Theorem 6. In ALCQIO, concept entailment, concept inseparability, and con-cept conservative extensions are undecidable.

For a number of prominent extensions of ALC, concept inseparability has not yet been investigated in much detail. This particularly concerns extensions with transitive roles [45]. We note that it is not straightforward to lift the above techniques to DLs with transitive roles; see [37] where conservative extensions in modal logics with transitive frames are studied and [33] in which modal logics with bisimulation quantifiers (which are implicit in Theorem 3) are studied, in-cluding cases with transitive frame classes. As illustrated in Section 8, extensions of ALC with the universal role are also an interesting subject to study.

4.3 Concept inseparability for EL

We again start with model-theoretic characterizations and then proceed to deci-sion procedures, complexity, and the length of counterexamples. In contrast to ALC, we use simulations, which intuitively are ‘half a bisimulation’, much like EL is ‘half of ALC’. The precise definition is as follows.

Definition 7 (Σ-simulation). Let Σ be a finite signature and (I1, d1), (I2, d2)

pointed interpretations. A relation S ⊆ ∆I1_×∆I2_{is a Σ-simulation from (I}

1, d1)

to (I2, d2) if (d1, d2) ∈ S and, for all (d, d0) ∈ S, the following conditions are

satisfied:

(base`_{) if d ∈ A}I1_{, then d}0_{∈ A}I2_{, for all A ∈ Σ ∩ N}

C;

(zig) if (d, e) ∈ rI1_{, then there exists e}0 _{∈ ∆}I2 _{such that (d}0_{, e}0_{) ∈ r}I2 _and

(e, e0) ∈ S, for all r ∈ Σ ∩ NR.

We say that (I2, d2) Σ-simulates (I1, d1) and write (I1, d1) ≤simΣ (I2, d2) if there

exist a Σ-simulation from (I1, d1) to (I2, d2). We say that (I1, d1) and (I2, d2)

are Σ-equisimilar, in symbols (I1, d1) ∼esimΣ (I2, d2), if both (I1, d1) ≤simΣ (I2, d2)

and (I2, d2) ≤simΣ (I1, d1).

A pointed interpretation (I1, d1) is E LΣ-contained in (I2, d2), in symbols

(I1, d1) ≤ELΣ (I2, d2), if d1 ∈ CI1 implies d2 ∈ CI2, for all E LΣ-concepts C.

We call pointed interpretations (I1, d1) and (I2, d2) E LΣ-equivalent, in symbols

(I1, d1) ≡ELΣ (I2, d2), in case (I1, d1) ≤ΣEL(I2, d2) and (I2, d2) ≤ELΣ (I1, d1). The

following was shown in [71, 69].

Theorem 7. Let (I1, d1) and (I2, d2) be pointed interpretations and Σ a

sig-nature. Then (I1, d1) ≤simΣ (I2, d2) implies (I1, d1) ≤ELΣ (I2, d2). The converse

holds if I1 and I2 are of finite outdegree.

The interpretations given in Example 7 can be used to show that the converse direction in Theorem 7 does not hold in general (since (I2, d2) 6≤simΣ (I1, d1)). It is

instructive to see pointed interpretations that are equisimilar but not bisimilar. Example 10. Consider the interpretations I1 = ({d1, e1}, AI1 = {e1}, rI1 =

{(d1, e1)}) and I2= ({d2, e2, e3}, AI2 = {e2}, rI2 = {(d2, e2), (d2, e3)}) and let

I1 d1 e1 A r I2 d2 e2 e3 A r r

Similar to Theorem 3, Σ-equisimilarity can be used to give a model-theoretic characterization of concept entailment (and thus also concept inseparability and concept conservative extensions) in E L [69].

Theorem 8. Let T1 and T2 be E L TBoxes and Σ a signature. Then T1

Σ-concept entails T2 iff, for any model I1 of T1 and any d1 ∈ ∆I1, there exist a

model I2 of T2 and d2∈ ∆I2 such that (I1, d1) ∼esimΣ (I2, d2).

We illustrate Theorem 8 by proving that the TBoxes T1and T2 from

Exam-ple 6 are Σ-concept inseparable in E L. Example 11. Recall that Σ = sig(T1) and

T1= {Human v ∃eats.>, Plant v ∃grows in.Area, Vegetarian v Healthy},

T2= T1∪ {Human v ∃eats.Food, Food u Plant v Vegetarian}.

Let I be a model of T1and d ∈ ∆I. We may assume that FoodI = ∅. Define I0by

adding, for every e ∈ HumanI, a fresh individual new(e) to ∆Iwith (e, new(e)) ∈ eatsI0 and new(e) ∈ FoodI0. Clearly, I0 is a model of T2. We show that (I, d)

and (I0, d) are Σ-equisimilar. The identity {(e, e) | e ∈ ∆I} is obviously a Σ-simulation from (I, d) to (I0_{, d). Conversely, pick for each e ∈ Human}I0

an old(e) ∈ ∆I with (e, old(e)) ∈ eatsI, which must exist by the first CI of T1. It

can be verified that

S = {(e, e) | e ∈ ∆I} ∪ {(new(e), old(e)) | e ∈ ∆I}

is a Σ-simulation from (I0, d) to (I, d). Note that (I, d) and (I0, d) are not guaranteed to be Σ-bisimilar.

As in the ALC case, Theorem 8 gives rise to a decision procedure for concept entailment based on tree automata. However, we can now get the complexity down to ExpTime.7 To achieve this, we define the automaton A2 in a more

careful way than for ALC, while we do not touch the construction of A1. Let

sub(T2) denote the set of concepts that occur in T2, closed under subconcepts.

For any C ∈ sub(T2), we use conT(C) to denote the set of concepts D ∈ sub(T2)

such that T |= C v D. We define the APTA based on the set of states Q = {q0} ] {qC, qC| C ∈ sub(T2)},

7

where q0 is the starting state. The transitions are as follows: δ(q0) = ^ C∈sub(T2) (qC∨ qC) ∧ ^ r∈Σ [r]q0, δ(qA) = A ∧ ^ C∈conT(A)

qC and δ(qA) = ¬A for all A ∈ sub(T2) ∩ NC∩ Σ,

δ(qCuD) = qC∧ qD∧

^

E∈conT(CuD)

qE and

δ(qCuD) = qC∨ qD for all C u D ∈ sub(T2),

δ(q∃r.C) = hriqC∧

^

D∈conT(∃r.C)

qD and

δ(q_∃r.C) = [r]q_C for all ∃r.C ∈ sub(T2) with r ∈ Σ,

δ(q>) =

^

C∈conT(>)

qC and δ(q>) = false.

Observe that, in each case, the transition for q_C is the dual of the transition for qC, except that the latter has an additional conjunction pertaining to conT. As

before, we set Ω(q) = 0 for all q ∈ Q. An essential difference between the above APTA A2 and the one that we had constructed for ALC is that the latter had

to look at sets of subconcepts (in the form of a type) while the automaton above always considers only a single subconcept at the time. A proof that the above automaton works as expected can be extracted from [69].

Theorem 9. In E L, concept entailment, concept inseparability, and concept conservative extensions are ExpTime-complete.

The lower bound in Theorem 9 is proved (for concept conservative extension) in [71] using a reduction of the word problem of polynomially space bounded ATMs. It can be extracted from the proofs in [71] that smallest concept inclu-sions that witness failure of concept entailment (or concept conservative exten-sions) are at most double exponentially large, measured in the size of the input TBoxes.8_{The following example shows a case where they are also at least double}

exponentially large.

Example 12. For each n ≥ 1, we give TBoxes T1and T2whose size is polynomial

in n and such that T2 is not a concept conservative extension of T1, but the

elements of cDiffΣ(T1, T2) are of size at least 22

n

for Σ = sig(T1). It is instructive

to start with the definition of T2, which is as follows:

A v X0u · · · u Xn−1, d σ∈{r,s}∃σ.(Xiu X0u · · · u Xi−1) v Xi, for i < n, d σ∈{r,s}∃σ.(Xiu X0u · · · u Xi−1) v Xi, for i < n, d σ∈{r,s}∃σ.(Xiu Xj) v Xi, for j < i < n, d σ∈{r,s}∃σ.(Xiu Xj) v Xi, for j < i < n, X0u · · · u Xn−1v B. 8

This should not be confused with the size of uniform interpolants, which can even be triple exponential in EL [78].

The concept names X0, . . . , Xn−1 and X0, . . . , Xn−1 are used to represent a

binary counter: if Xi is true, then the i-th bit is positive and if Xi is true, then

it is negative. These concept names will not be used in T1and thus cannot occur

in cDiffΣ(T1, T2) for the signature Σ of T1. Observe that Lines 2-5 implement

incrementation of the counter. We are interested in consequences of T2 that are

of the form C2nv B, where

C0= A, Ci = ∃r.Ci−1u ∃s.Ci−1,

which we would like to be the smallest elements of cDiffΣ(T1, T2). Clearly, C2n

is of size at least 22n

. Ideally, we would like to employ a trivial TBox T1 that

uses only signature Σ = {A, B, r, s} and has no interesting consequences (only tautologies). If we do exactly this, though, there are some undesired (single exponentially) ‘small’ CIs in cDiffΣ(T1, T2), in particular Cn0 v B, where

C₀0 = A, C_i0 = A u ∃r.Ci−1u ∃s.Ci−1.

Intuitively, the multiple use of A messes up our counter, making bits both true and false at the same time and resulting in all concept names Xi to become true

already after travelling n steps along r. We thus have to achieve that these CIs are already consequences of T1. To this end, we define T1 as

∃σ.A v A0_{, A}0_{u A v B}0_{, ∃σ.B}0 _{v B}0_{, B}0 _{v B}

where σ ranges over {r, s}, and include these concept assertions also in T2 to

achieve T1⊆ T2 as required for conservative extensions.

4.4 Concept inseparability for acyclic EL TBoxes

We show that concept inseparability for acyclic E L TBoxes can be decided in polynomial time and discuss interesting applications to versioning and the logical diff of TBoxes. We remark that TBoxes used in practice are often acyclic, and that, in fact, many biomedical ontologies such as Snomed CT are acyclic EL TBoxes or mild extensions thereof.

Concept inseparability of acyclic E L TBoxes is still far from being a triv-ial problem. For example, it can be shown that smallest counterexamples from cDiffΣ(T1, T2) can be exponential in size [53]. However, acyclic E L TBoxes enjoy

the pleasant property that if cDiffΣ(T1, T2) is non-empty, then it must contain

a concept inclusion of the form C v A or A v C, with A a concept name. This is a consequence of the following result, established in [53].

Theorem 10. Suppose T1 and T2 are acyclic E L TBoxes and Σ a signature. If

C v D ∈ cDiffΣ(T1, T2), then there exist subconcepts C0 of C and D0 of D such

that C0 v D0 _{∈ cDiff}

Σ(T1, T2), and C0 or D0 is a concept name.

Theorem 10 implies that every logical difference between T1 and T2 is

an interesting perspective for representing the logical difference between TBoxes since, in contrast to cDiffΣ(T1, T2), the set of all concept names A that are

associ-ated with a logical difference C v A or A v C is finite. One can thus summarize for the user the logical difference between two TBoxes T1 and T2 by presenting

her with the list of all such concept names A.

Let T1 and T2 be acyclic E L TBoxes and Σ a signature. We define the set

of left-hand Σ-concept difference witnesses cWtnlhs_Σ(T1, T2) (or right-hand

Σ-concept difference witnesses cWtnrhs_Σ(T1, T2)) as the set of all A ∈ Σ ∩ NC such

that there exists a concept C with A v C ∈ cDiffΣ(T1, T2) (or C v A ∈

cDiffΣ(T1, T2), respectively). Note that, by Theorem 10, T1 Σ-concept entails

T2 iff cWtnlhsΣ(T1, T2) = cWtnrhsΣ(T1, T2) = ∅. In the following, we explain how

both sets can be computed in polynomial time. The constructions are from [53]. The tractability of computing cWtnlhsΣ(T1, T2) follows from Theorem 7 and

the fact that E L has canonical models. More specifically, for every E L TBox T and E L concept C one can construct in polynomial time a canonical pointed interpretation (IT ,C, d) such that, for any E L concept D, we have d ∈ DIT ,C iff

T |= C v D. Then Theorem 7 yields for any A ∈ Σ that

A ∈ cWtnlhs_Σ(T1, T2) ⇐⇒ (I2, d2) 6≤simΣ (I1, d1)

where (Ii, di) are canonical pointed interpretations for Ti and A, i = 1, 2. Since

the existence of a simulation between polynomial size pointed interpretations can be decided in polynomial time [23], we have proved the following result. Theorem 11. For E L TBoxes T1and T2and a signature Σ, cWtnlhsΣ(T1, T2) can

be computed in polynomial time.

We now consider cWtnrhs_Σ (T1, T2), that is, Σ-CIs of the form C v A. To

check, for a concept name A ∈ Σ, whether A ∈ cWtnrhs_Σ(T1, T2), ideally we

would like to compute all concepts C such that T1 6|= C v A and then check

whether T2 |= C v A. Unfortunately, there are infinitely many such concepts

C. Note that if T2 |= C v A and C0 is more specific than C in the sense that

|= C0 _{v C, then T}

2 |= C0 v A. If there is a most specific concept CA among

all C with T16|= C v A, it thus suffices to compute this CA and check whether

T2 |= CAv A. Intuitively, though, such a CA is only guaranteed to exist when

we admit infinitary concepts. The solution is to represent CA not as a concept,

but as a TBox. We only demonstrate this approach by an example and refer the interested reader to [53] for further details.

Example 13. (a) Suppose that T1 = {A ≡ ∃r.A1}, T2 = {A ≡ ∃r.A2} and

Σ = {A, A1, A2, r}. A concept CA such that T16|= CAv A should have neither

A nor ∃r.A1 as top level conjuncts. This can be captured by the CIs

XAv A1u A2u ∃r.(A u A2u ∃r.XΣ), (1)

XΣ v A u A1u A2u ∃r.XΣ, (2)

where XA and XΣ are fresh concept names and XA represents the most specific

concept CA with T1 6|= CA v A. We have T2∪ {(1), (2)} |= XA v A and thus

(b) Consider next T1 = {A ≡ ∃r.A1 u ∃r.A2}, T2 = {A ≡ ∃r.A2} and

Σ = {A, A1, A2, r}. A concept CA with T1 6|= CA v A should not have both

∃r.A1and ∃r.A2as top level conjuncts. Thus the most specific CAshould contain

exactly one of these top level conjuncts, which gives rise to a choice. We use the CIs

XA1 v A1u A2u ∃r.(A u A2u ∃r.XΣ), (3)

X_A2 v A1u A2u ∃r.(A u A1u ∃r.XΣ), (4)

where, intuitively, the disjunction of X1 Aand X

2

Arepresents the most specific CA.

We have T2∪ {(3), (2)} |= XA1 v A and thus A ∈ cWtnΣ(T1, T2).

The following result is proved by generalizing the examples given above. Theorem 12. For E L TBoxes T1and T2and signatures Σ, cWtnrhsΣ (T1, T2) can

be computed in polynomial time.

The results stated above can be generalized to extensions of acyclic E L with role inclusions and domain and range restrictions and have been implemented in the CEX tool for computing logical difference [53].

An alternative approach to computing right-hand Σ-concept difference wit-nesses based on checking for the existence of a simulations between polynomial size hypergraphs has been introduced in [67]. It has recently been extended [32] to the case of unrestricted E L TBoxes; the hypergraphs then become exponential in the size of the input.

5

Model Inseparability

We consider inseparability relations according to which two TBoxes are indis-tinguishable w.r.t. a signature Σ in case their models coincide when restricted to Σ. A central observation is that two TBoxes are Σ-model inseparable iff they cannot be distinguished by entailment of a second-order (SO) sentence in Σ. As a consequence, model inseparability implies concept inseparability for any DL L and is thus language independent and very robust. It is particularly useful when a user is not committed to a certain DL or is interested in more than just terminological reasoning.

We start this section with introducing model inseparability and the related notions of model entailment and model conservative extensions. We then look at the relationship between these notions and also compare model inseparability to concept inseparability. We next discuss complexity. It turns out that model inseparability is undecidable for almost all DLs, including E L, with the exception of some DL-Lite dialects. Interestingly, by restricting the signature Σ to be a set concept names, one can often restore decidability. We then move to model inseparability in the case in which one TBox is empty, which is of particular interest for applications in ontology reuse and module extraction. While this restricted case is still undecidable in E L, it is decidable for acyclic E L TBoxes.

We close the section by discussing approximations of model inseparability that play an important role in module extraction.

Two interpretation I and J coincide for a signature Σ, written I =Σ J ,

if ∆I = ∆J and XI = XJ for all X ∈ Σ. Our central definitions are now as follows.

Definition 8 (model inseparability, entailment and conservative exten-sions). Let T1and T2be TBoxes and let Σ be a signature. Then

– the Σ-model difference between T1 and T2 is the set mDiffΣ(T1, T2) of all

models I of T1such that there does not exist a model J of T2with J =ΣI;

– T1Σ-model entails T2if mDiffΣ(T1, T2) = ∅;

– T1and T2are Σ-model inseparable if T1 Σ-model entails T2and vice versa;

– T2 is a model conservative extension of T1 if T2 ⊇ T1 and T1 and T2 are

sig(T1)-model inseparable.

Similarly to concept entailment (Example 3), model entailment coincides with logical entailment when Σ ⊇ sig(T1∪ T2). We again recommend to the reader

to verify this to become acquainted with the definitions. Also, one can show as in the proof from Example 4 that definitorial extensions are always model conservative extensions.

Regarding the relationship between concept inseparability and model insep-arability, we note that the latter implies the former. The proof of the following result goes through for any DL L that enjoys a coincidence lemma (that is, for any DL, and even when L is the set of all second-order sentences).

Theorem 13. Let T1 and T2 be TBoxes formulated in some DL L and Σ a

signature such that T1 Σ-model entails T2. Then T1 Σ-concept entails T2.

Proof. Suppose T1Σ-model entails T2, and let α be a Σ-inclusion in L such that

T2|= α. We have to show that T1|= α. Let I be a model of T1. There is a model

J of T2 such that J =ΣI. Then J |= α, and so I |= α since sig(α) ⊆ Σ. ut

As noted, Theorem 13 even holds when L is the set of all SO-sentences. Thus, if T1 Σ-model entails T2 then, for every SO-sentence ϕ in the signature

Σ, T2 |= ϕ implies T1 |= ϕ. It is proved in [55] that, in fact, the latter exactly

characterizes Σ-model entailment.

The following example shows that concept inseparability in ALCQ does not imply model inseparability (similar examples can be given for any DL and even for full first-order logic [55]).

Example 14. Consider the ALCQ TBoxes and signature from Example 9: T1= {A v ≥ 2 r.>} T2= {A v ∃r.B u ∃r.¬B} Σ = {A, r}.

We have noted in Example 5 that T1and T2are Σ-concept inseparable. However,

A A A r

r r r

We note that the relationship between model-based notions of conservative extension and language-dependent notions of conservative extensions was also extensively discussed in the literature on software specification [17, 99, 100, 86, 76].

We now consider the relationship between model entailment and model in-separability. As in the concept case, model inseparability is defined in terms of model entailment and can be decided by two model entailment checks. Con-versely, model entailment can be polynomially reduced to model inseparability (in constast to concept inseparability, where this depends on the DL under con-sideration).

Lemma 2. In any DL L, model entailment can be polynomially reduced to model inseparability.

Proof. Assume that we want to decide whether T1Σ-model entails T2 holds. By

replacing every non-Σ-symbol X shared by T1and T2with a fresh symbol X1in

T1and a distinct fresh symbol X2in T2, we can achieve that Σ ⊇ sig(T1)∩sig(T2)

without changing the original (non-)Σ-model entailment of T2 by T1. We then

have that T1Σ-model entails T2iff T1and T1∪ T2are Σ-model inseparable. ut

The proof of Lemma 2 shows that any DL L is robust under joins for model inseparability, defined analogously to robustness under joins for concept insepa-rability; see Definition 3.

5.1 Undecidability of model inseparability

Model-inseparability is computationally much harder than concept inseparabil-ity. In fact, it is undecidable already for E L TBoxes [56]. Here, we give a short and transparent proof showing that model conservative extensions are unde-cidable in ALC. The proof is by reduction of the following undeunde-cidable N × N tiling problem [8, 89, 13]: given a finite set T of tile types T , each with four colors left(T ), right(T ), up(T ) and down(T ), decide whether T tiles the grid N × N in the sense that there exists a function (called a tiling) τ from N × N to T such that

– up(τ (i, j)) = down(τ (i, j + 1)) and – right(τ (i, j)) = left(τ (i + 1, j)).

If we think of a tile as a physical 1 × 1-square with a color on each of its four edges, then a tiling τ of N × N is just a way of placing tiles, each of a type from T, to cover the N × N grid, with no rotation of the tiles allowed and such that the colors on adjacent edges are identical.